NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] NT Routing Problems

Title: RE: [FW1] NT Routing Problems

Geoff...  It's still early... haven't had my caffine yet... and maybe you just made a typo when sending the message...

but it looks like you have your internal and external interfaces on the same subnet.  This would cause issues...  but if that were the case then your LAN isn't even on the same subnet as the Internal interface....

If the internal interface is actually      38.164.192.4    255.255.255.0   None  -  Then all looks well...

Your lack of routing ... which side of the router are you testing from ? and am I correct in understanding that if you switch to NAT then it does work ?







> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Sunday, November 19, 2000 5:34 PM
> To: [email protected]
> Subject: RE: [FW1] NT Routing Problems
>
>
>
> Geoff,
>
> I had the same situation happen to me with NT. I had to
> remove the TCP/IP
> stack from the system then reinstall it. I had to install the NetBEUI
> protocol as a place holder, remove the TCP/IP, do a reboot to
> clean things
> up then reinstall the TCP/IP protocol.
>
> After doing all that I was able to ping through fine.
>
> Good Luck!
>
> Charlie
>
> -----Original Message-----
> From: Geoff Shatz [mailto:[email protected]]
> Sent: Saturday, November 18, 2000 2:58 PM
> To: [email protected]
> Subject: [FW1] NT Routing Problems
>
>
>
>      Hello all. I am trying to get my first Firewall One Box
> up and running
>      and into production and have run into some problems.
> Unfortunately I
>      am stuck with getting this to work on NT, our budget
> constrained us
>      from using a Nokia box which would have been my preference.
>     
>      What appears to be happening is that packets are not
> being forwarded
>      between my internal and external interfaces. After
> fairly extensive
>      troubleshooting I narrowed this down to it being an NT
> problem and not
>      a Firewall-1 problem as I can duplicate the behaviour
> exactly whether
>      FW-1 is installed or not. I may be missing something
> very basic here
>      as I'm new to this arena but any help offered would be greatly
>      appreciated.
>     
>      Here's the skinny, we initially need to get this firewall set up
>      without using NAT due to some processes that need to be
> tested before
>      it is implemented. Additionally, to avoid too many X
> factors I want to
>      get the firewall implemented in as secure but as simple
> a fashion as
>      possible to start.
>     
>      Here's an example of what my current layout is:
>     
>     
>      Internet --- Router --- External IF --- Internal IF --- LAN
>     
>     
>      Device             IP Address      Subnet Mask     Gateway
>      Router             38.164.193.1    255.255.255.0
>      External IF        38.164.193.3    255.255.255.0  
> 38.164.193.1   
>      Internal IF        38.164.193.4    255.255.255.0   None
>      LAN                38.164.192.0    255.255.255.0   38.164.192.4
>     
>      After checking and rechecking details it seems as if I
> did configure
>      things properly but my gut tells me I'm missing
> something basic. I can
>      ping the Internal IF from the LAN but can't pass traffic
> past that
> card.
>      From the NT Box I can ping both internal cards the
> Router and machines
>      out on the Internet. Allow IP forwarding is checked in
> IP properties in
>
>      NT.
>     
>      If I put the Internal IF and the Workstations on the LAN onto a
>      different network, say 10.10.10.0/24 the NT box will
> pass the traffic,
>      but I'm not at a stage where I can rework our entire Network and
>      implement NAT all at the same time.
>     
>      Any thoughts? Am I being dumb here or am I just missing
> some basic
>      understanding of how routing works. Any help would be greatly
>      appreciated. This mailing list has certainly helped
> greatly in getting
>      me at least to this point. Thanks again.
>     
>      Geoff
>
>
>
> ==============================================================
> ==============
> ====
>      To unsubscribe from this mailing list, please see the
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==============
> ====
>
>
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
>


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.